If a client-side attacker can inject JavaScript code into data stored in the database, that code may end up being executed in a user's browser. We will demonstrate a couple of ways of carrying out this sort of attack, and show how the database contents map to what is displayed in the user's browser.
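How a stored value maps to the markup the browser receives, as an added example that is not part of the original lab. The table layout, column names and function names are assumptions made for illustration, and the rows are constructed sample data.

```javascript
// Constructed sample rows standing in for a "comments" table (hypothetical schema).
const rows = [
  { id: 1, author: "alice", body: "Nice post!" },
  { id: 2, author: "mallory", body: "<script>alert(1)</script>" },
  { id: 3, author: "bob", body: "Use a < b && c > d in the loop" },
];

// Vulnerable rendering: the stored value is concatenated into the page unchanged,
// so the browser parses whatever the database holds as HTML.
function renderUnsafe(row) {
  return `<li><b>${row.author}</b>: ${row.body}</li>`;
}

// Encode the characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened rendering: every database field is encoded at output time,
// so stored markup is displayed as text instead of being interpreted.
function renderSafe(row) {
  return `<li><b>${escapeHtml(row.author)}</b>: ${escapeHtml(row.body)}</li>`;
}

// Review aid: ids of rows whose stored text would be interpreted as markup
// by renderUnsafe (the encoded and unencoded output differ).
function rowsAlteringMarkup(table) {
  return table.filter((r) => renderUnsafe(r) !== renderSafe(r)).map((r) => r.id);
}

for (const row of rows) {
  console.log(`row ${row.id}`);
  console.log(`  unsafe: ${renderUnsafe(row)}`);
  console.log(`  safe:   ${renderSafe(row)}`);
}
console.log("rows with HTML-significant characters:", rowsAlteringMarkup(rows));
```

Row 3 shows that ordinary text containing `<`, `>` or `&` also needs output encoding, which is why the encoding is applied to every field rather than only to values that look suspicious.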